HIPAA Compliance May 18, 2026 8 min read

Compliancy Group Review: What the ADA Endorsement Does and Does Not Cover

By Sam Cherkaoui, CIPP/US Certified Data Privacy Advisor

Quick Answer

The endorsement is a vendor recommendation, not certification. HHS and OCR do not issue HIPAA certifications of any kind. ADA Member Advantage vetted the product for 18 months before announcing it in March 2021.
Right of Access remains the most common dental fine. A dental practice paid $170,000 in 2024, Family Dental Care paid $30,000, and Paradise Family Dental paid $25,000. The Guard does not manage records request workflows.
ADA members receive 15% off, with annual costs typically running $3,000 to $8,000 or more based on practice size and selected modules.
The 'no client has failed an OCR audit' claim means clients had documentation to produce, not that OCR found their programs perfect or that the software prevents violations.
OCR's Risk Analysis Initiative now examines actual security posture, not just whether a documented SRA exists under 45 CFR 164.308(a)(1)(ii)(A).

Quick answer

The ADA endorsement of Compliancy Group means the American Dental Association evaluated and recommends The Guard software as a tool for managing HIPAA compliance documentation. That is meaningful vetting. What it does not mean: that subscribing to the software makes your practice compliant, that the Trust Badge is a government certification, or that the software prevents the specific violation types OCR most commonly fines dental practices for. The endorsement is a recommendation, not a guarantee.

If you are a dental practice owner in Texas who has looked at Compliancy Group, you have seen the ADA endorsement. The American Dental Association does not hand those out casually. The vetting process for the HIPAA endorsement took 18 months. That is worth something.

It is also worth being precise about what it means. Dental practices are still being fined by OCR. Three separate dental practices settled with OCR for Right of Access violations in September 2022 alone. In 2024, a dental practice paid $170,000 for the same category of failure. The software that bears the ADA endorsement does not prevent those violations. Understanding why requires understanding what the product actually does.

What the ADA Endorsement Actually Means

ADA Member Advantage is the endorsement program of the American Dental Association. It offers members access to vetted products and services across practice management, technology, financial services, and compliance. When the ADA endorses a vendor, it has evaluated the product through its own review process and is recommending it to members as a suitable tool in its category.

In March 2021, Compliancy Group was announced as the exclusive ADA-endorsed HIPAA compliance management solution after an 18-month vetting process. In June 2023, a second endorsement was added for OSHA compliance. ADA members receive a 15% discount on Compliancy Group’s services.

The endorsement means the ADA reviewed the product, found it credible, and recommends it to its members for HIPAA compliance management. It does not mean OCR endorses Compliancy Group. It does not mean the federal government has verified that any dental practice using the software is HIPAA compliant. HHS and OCR do not offer HIPAA certifications of any kind. There is no official HIPAA certification program in the United States. A vendor endorsement from a dental trade association and a federal compliance determination are two different things, which is the same reason a HIPAA compliance seal will not save you in an OCR investigation.

What The Guard Actually Does

Compliancy Group’s product, called The Guard, is a cloud-based compliance management platform. It addresses the documentation and tracking side of HIPAA compliance. A breakdown of what it covers:

It guides practices through a Security Risk Analysis using a structured questionnaire process. The SRA is a required element under the HIPAA Security Rule, and The Guard makes completing and documenting one significantly easier than starting from scratch. Independent analysis consistently rates it as one of the stronger tools for this specific function.

It manages policy and procedure documentation. HIPAA requires covered entities to have written policies that match how they actually operate. The Guard provides over 100 policy templates and tracks when employees acknowledge those policies. That documentation becomes important if OCR requests records.

It tracks employee training. HIPAA requires workforce training, and The Guard includes more than 90 training courses with completion tracking and attestation records stored in the system.

It manages Business Associate Agreements. The platform tracks which vendors have access to protected health information and whether BAAs are in place and current.

It provides audit response support. The Audit Response Program is included in all subscriptions. If OCR contacts a practice, Compliancy Group’s team works with the practice to pull the relevant documentation from The Guard and prepare a response. This is the basis for the company’s claim that no client has failed an OCR audit.

What Does the “No Client Has Failed an OCR Audit” Claim Mean?

Compliancy Group states on its website that no client has failed an OCR or CMS audit. That claim has been consistent for years and is well documented. It is worth understanding what it means in practice.

When OCR investigates a dental practice, it typically requests documentation: risk assessments, training records, policies, BAA lists, incident reports. The investigation evaluates whether the practice made a documented good-faith effort to comply. A practice that can produce organized, complete documentation of its compliance program is in a substantially better position than one that cannot.

What the claim means: clients who used The Guard actively and followed the program had organized documentation when OCR came knocking. The audit response support helped them produce what OCR needed. They survived the process without the investigation resulting in a penalty.

What the claim does not mean: that the software prevents violations from occurring. It does not mean OCR reviewed a client’s program and found it perfect. It means that when OCR investigated, clients were able to demonstrate a documented effort. That is valuable. It is not the same as saying the software makes you invulnerable to HIPAA enforcement.

Three Things the ADA Endorsement Does Not Cover

Right of Access failures

OCR’s Right of Access Initiative has resulted in more than 50 enforcement actions since its launch in 2019, and it remains active. The requirement is straightforward: when a patient requests a copy of their records, you have 30 days to provide it. OCR has fined dental practices for this specific failure repeatedly.

Family Dental Care in Chicago settled with OCR for $30,000 after a patient waited five months for records. Paradise Family Dental paid $25,000 after a parent waited eight months for her child’s records. A dental practice paid $170,000 in 2024 for the same category of violation.

The Guard does not manage patient records access requests. It is a compliance documentation platform, not a front-desk workflow system. If your office manager does not know the 30-day rule, or knows it but does not prioritize it when the practice is busy, the software does not catch that gap.

Unauthorized disclosures through staff behavior

In December 2022, OCR settled a case against a dental practice for impermissible disclosures of patient PHI. The settlement involved how staff handled patient information outside of documented processes.

The Guard provides employee training and tracks completion. What it cannot do is monitor what employees actually say, post, or share in their daily work. A staff member who responds to a patient review online and includes health information, a front desk employee who discusses a patient’s treatment with a family member in the waiting room, a dental assistant who photographs a procedure without proper authorization: these are compliance failures that training can reduce but software cannot eliminate.

OCR enforcement in 2025 included 21 settlements and civil monetary penalties, the second-highest annual total on record. Many of those cases involved behavior at the individual level that no software platform would have intercepted.

Technical security gaps in your actual IT environment

The Guard guides you through a Security Risk Analysis. The SRA identifies risks based on your answers to structured questions about your environment. That is valuable for building a documented baseline. What it is not is a technical assessment of your actual infrastructure.

OCR’s Risk Analysis Initiative, launched in 2024 and continuing in 2026, specifically targets cases where a practice’s documented SRA does not match its actual security posture. The initiative has produced multiple enforcement actions and is now expanding to include risk management practices, not just the existence of a risk analysis document.

If your practice has unencrypted devices, shared login credentials across the front desk, or a cloud storage system that nobody has configured with appropriate access controls, a questionnaire-based SRA may not catch those specific exposures. The documentation says the practice conducted a risk analysis. The technical reality may tell a different story. OCR is now examining both.

Is Compliancy Group Worth Using?

For a dental practice that currently has no compliance program in place, yes. The Guard provides a structured, guided path to documented HIPAA compliance that is far better than starting from scratch. The ADA’s endorsement reflects a real vetting process. The audit response support is a meaningful benefit. Independent reviews are consistently positive. Annual costs running $3,000 to $8,000 or more depending on practice size are significant, comparable to a one-time HIPAA Risk Analysis engagement, but the documentation value is real.

The limitation is the one that applies to every compliance software platform. The software manages your documentation. Compliance is also about what your staff does, how your IT is configured, and whether your operational procedures are actually working. A dental practice in Houston or Katy that subscribes to The Guard and treats that as the end of the compliance conversation has moved the risk significantly but has not eliminated it.

The three violation categories that routinely produce OCR fines, Right of Access, staff behavior, and technical security, require operational attention that no software platform fully replaces. The ADA endorsement reflects the quality of the tool. Whether that tool is enough depends on what happens in your practice every day.

What a Dental Practice in Texas Should Actually Do

Start with an honest assessment of where you are. If you have nothing in place, a structured software platform like Compliancy Group is a reasonable first step. For practices comparing tools head to head, our breakdown of Medcurity vs Patient Protect vs a real Risk Analysis covers the differences. If you already have The Guard and have been working through it, the question is whether your daily operations and your actual technical environment match what the documentation says.

OCR’s current enforcement priorities are risk analysis quality and patient records access. Both of those are things you can check without a new software subscription. Pull up your last SRA. Does it reflect how your practice actually operates today, or does it reflect how it operated when you first set it up? Pull up your records request log. Do you have one? When was the last time a patient asked for their records, and how long did it take?

A compliance program built on good documentation and good daily habits is more durable than one built on documentation alone. The ADA endorsement is a signal that Compliancy Group helps with the documentation side. The daily habits are still on you.

Last reviewed: May 18, 2026

Stay current on HIPAA enforcement in Texas

Practical updates for small healthcare practices. No spam, no legal jargon.

No spam. Unsubscribe anytime.

Not sure if your compliance program covers the gaps the software misses?

A Privacy Exposure Review identifies your top compliance gaps in a one-page memo. Flat fee, no retainer.

Schedule a Consultation

Frequently Asked Questions

Is the ADA endorsement of Compliancy Group the same as HIPAA certification?

No. The ADA endorsement is a vendor recommendation from the American Dental Association's endorsed products program. It means the ADA evaluated Compliancy Group's software and found it suitable for helping dental practices manage HIPAA compliance documentation. It is not issued by the federal government. HHS and OCR do not offer HIPAA certifications. The ADA endorsement and HIPAA compliance are two separate things.

What does the Compliancy Group 'no client has failed an OCR audit' claim actually mean?

It means that clients who actively used The Guard software and followed the program had documentation of good-faith compliance efforts when OCR investigated them. The Audit Response Program helped those clients produce required policies, risk assessments, and training records. It does not mean clients had zero findings or that the software prevents specific violation types like Right of Access failures or improper disclosures.

What HIPAA violations does Compliancy Group software not protect against?

The Guard manages documentation and training but does not prevent three common violation categories: Right of Access failures (not providing patient records within 30 days), unauthorized disclosures through staff behavior or social media, and actual technical security gaps in your IT environment. OCR has fined dental practices $30,000 and $170,000 for Right of Access failures regardless of what compliance software they used.

How much does Compliancy Group cost for dental practices?

Independent analysis estimates annual costs typically range from $3,000 to $8,000 or more depending on practice size and the services selected. ADA members receive a 15% discount. The subscription includes access to The Guard software, compliance coaching, and the Audit Response Program. Pricing is not publicly listed on a per-tier basis and varies by contract.

Is Compliancy Group a good HIPAA compliance solution for dental practices?

It is a legitimate, well-reviewed product that many dental practices use. The ADA's 18-month vetting process was rigorous. For a practice that has nothing in place, The Guard provides a structured path to documented compliance. The limitation to understand is that the software manages your compliance program documentation. Actual compliance also depends on what your staff does, how your IT is configured, and whether your patient records access procedures are working correctly.

Last updated: May 18, 2026. This article reflects current US HIPAA and state privacy law enforcement practice. NPA is not a law firm; for case-specific legal advice, consult licensed counsel in your jurisdiction.

Need help with HIPAA compliance or US data privacy law?

NPA helps small healthcare practices and small to mid-sized businesses build and maintain audit-ready compliance programs. CIPP/US certified. Houston-based, serving practices nationwide.

Book a Consultation